[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Jiri Kosina jkosina at suse.cz
Wed Jun 27 17:24:20 UTC 2012

On Sat, 23 Jun 2012, Matthew Garrett wrote:

> > > Kexec kernels are going to have to be signed in the same way that
> > > modules are, but I suspect there's also some subtleties in the handover
> > > protocol.
> > 
> > At least /sbin/kexec needs to be patched to verify the sign key?
> We can't trust userspace verification. The kernel needs to verify it as 
> well.

When you are using crashkernel upon panic, which kernel will be the one 
verifying the signature? The crashed (and therefore not really 
trustworthy) one, or the newly kexeced one (i.e. it will have to verify 

Neither of the options seems particularly right to me.


Jiri Kosina

More information about the Ksummit-2012-discuss mailing list